Application Security

Application Security | News, how-tos, features, reviews, and videos

CSO: Have you met these hackers? [slide 11]

How to start your own bug-bounty program

Code vulnerabilities and other entry points for hackers exist in your systems. Why not use hackers to help find and fix them?

mind the gap sign

5 security gaps introduced by hybrid IT

As enterprises evolve towards more use of cloud infrastructure and services, it will become increasingly necessary to mind the security gaps between traditional and cloud environments

command line

What’s new at GitHub: dependency management, security alerts

The code-sharing site will tell users what projects depend on other projects as well as offer security alerts

bos17 networking security lg

Bossie Awards 2017: The best networking and security software

InfoWorld picks the top open source software for protecting networks and their users

Why the Equifax security threat isn’t over yet

Here's what you can do to make sure your company isn't negatively affected and to protect your company's use of open source code

Hidden cloud migration gotchas

From equanimity to Equifax

What the Equifax breach should show CIOs and CISOs about open-source software quality

secret

How to keep container secrets secret

Keeping secrets secret in container-based applications is complex and challenging, but far from hopeless

Faraday_Blackhat2017
video

Simple tips to keep your devices secure when you travel

CSO security reporters Fahmida Rashid and Steve Ragan share some easy ways to keep your data and devices secure while traveling, even at the Black Hat conference, where active scanning is the norm. (And check out the built-in Faraday...

The dark web's changed
video

How the dark web has gone corporate

Some criminals on the dark web are taking their cues from the practices of corporate IT. Illicit offerings run the gamut from code that buyers have to implement themselves to turnkey solutions and consulting services.

Blackhat_2017
video

How DevOps and cloud will speed up security

Zane Lackey, CSO and co-founder of Signal Sciences, talks with CSO senior writer Fahmida Rashid about how DevOps and cloud can help organizations embed security into their technology structures, enabling business to move faster.

Blackhat_2017
video

Stop blaming users for security misses

Does the message to users about security need to change? Or does IT need to rebuild infrastructure so users can worry less about security? Wendy Nather, principal security strategist at Duo Security, talks with CSO senior writer...

cargo containers

How to think about Docker security

Is Docker secure? To answer that question, we need to look at the entire Docker stack

Arlo Go Netgear

Are VMs more secure than containers?

In theory, virtual machines (VMs) are more secure than containers. In practice, they probably are. It depends on how the VMs are implemented.

security check point sign

DevSecOps: Paradigm shifts are messy, but someone's got to take the lead

Companies that lead with application security have security practitioners willing and able to lead

3 patches

Microsoft kills off security bulletins after several stays

'Disappointing,' says patch expert after concluding the replacement means more work for admins

microsoft stock campus building

Microsoft fixes 45 flaws, including three actively exploited vulnerabilities

Microsoft Patch Tuesday includes fixes for critical flaws in IE, Edge, Office, Windows, and .Net

cio to ceo man with briefcase on skateboard career growth speed blur career path

Silicon Valley weighs speed versus risk in app dev

A panel featuring Atlassian, GitHub, HackerOne, and Rainforest explores how to get successful software projects completed on time without breaking things

security check point sign

Mozilla project keeps compromised apps out of circulation

The Binary Transparency plan would use public certificate technology to guarantee binaries haven't been replaced with malicious counterparts

Security online

Pwn2Own hacking contest ends with two virtual machine escapes

Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

20160225 stock mwc ericsson booth security locks

How much are vendor security assurances worth after the CIA leaks?

Software vendors will fix these vulnerabilities, but users should remember that there are always zero-day exploits out there

Load More